> (Strictly in the spirit of debate ;)
>
[snip]
> > [Mikael Olsson wrote]
> > How well does your NAT box handle connection closing? If you open
> > a connection out through the NAT, can I then, as the recipient, keep
> > it open after your computer thinks that it's closed, and start
> > sending SYNs back in through the NAT device and wait until some
> > RPC service or something starts listening on that port?
> 
> [Ben Nagy wrote]
> Assuming we're talking about an arbitrary, theoretical NAT box - it handles
> it fine. My coders were (just) bright enough to realise that the connection
> should get pulled out of the state table after seeing a FIN from either
> side. How hard is that?
> 
Hmm.. Not entirely correct. Not all OSes strictly send a FIN when closing
connections.

[snip]
> > Can your NAT device LIMIT what kind of traffic that you can
> > send to the outside world? If you've got a trojan sitting
> > on your network (received through mail, whatever) it'll
> > likely try to communicate with the outside world. If your
> > firewall can block and alarm that traffic, you've bought
> > yourself time.
> 
> How many people do this? The firewall is to keep bad guys OUT, right? We
> don't have any bad guys INSIDE our network! That's unpossible!

:)


Cheers!

//Jesper
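
The FIN point debated above, as an added example that is not part of the original thread or any product's code: a toy NAT state table replayed over constructed traces, comparing teardown on FIN only with teardown on FIN or RST plus an idle timeout. The class, packet tuple layout, addresses and the 300-second timeout are all assumptions made for illustration.

```python
# Added illustration (not from the thread): a toy NAT state table.
# Packet tuples, flag names and the 300 s idle timeout are assumptions.

class NatTable:
    def __init__(self, close_flags, idle_timeout=None):
        self.close_flags = set(close_flags)  # flags that tear down a mapping
        self.idle_timeout = idle_timeout     # None = idle entries never expire
        self.entries = {}                    # flow key -> time last seen

    def handle(self, now, direction, key, flags):
        """Return 'forward' or 'drop' for one TCP segment."""
        flags = set(flags)
        last = self.entries.get(key)
        # Expire a mapping that has been silent for too long.
        if (last is not None and self.idle_timeout is not None
                and now - last > self.idle_timeout):
            del self.entries[key]
        if key not in self.entries:
            # Only a bare SYN from the inside may create state.
            if direction == "out" and flags == {"SYN"}:
                self.entries[key] = now
                return "forward"
            return "drop"
        self.entries[key] = now
        if flags & self.close_flags:
            del self.entries[key]            # forward the segment, then tear down
        return "forward"

def replay(table, trace):
    """Feed a trace through a table and return the verdict per segment."""
    return [table.handle(*pkt) for pkt in trace]

FLOW = ("10.0.0.5", 40000, "203.0.113.9", 80)  # constructed addresses
HANDSHAKE = [
    (0.0, "out", FLOW, ["SYN"]),
    (0.1, "in", FLOW, ["SYN", "ACK"]),
    (0.2, "out", FLOW, ["ACK"]),
]
LATE_SYN = [(1000.0, "in", FLOW, ["SYN"])]     # remote end probes the old mapping
# Constructed traces: the inside host closes with FIN, aborts with RST, or vanishes.
FIN_CLOSE = HANDSHAKE + [(5.0, "out", FLOW, ["FIN", "ACK"])] + LATE_SYN
RST_CLOSE = HANDSHAKE + [(5.0, "out", FLOW, ["RST"])] + LATE_SYN
SILENT_CLOSE = HANDSHAKE + LATE_SYN

if __name__ == "__main__":
    for name, trace in (("FIN", FIN_CLOSE), ("RST", RST_CLOSE), ("silent", SILENT_CLOSE)):
        fin_only = replay(NatTable({"FIN"}), trace)[-1]
        hardened = replay(NatTable({"FIN", "RST"}, idle_timeout=300), trace)[-1]
        print(f"{name:6} close: FIN-only={fin_only}  FIN+RST+timeout={hardened}")
```

A real implementation would also keep the mapping briefly after a FIN so the closing handshake can complete; the toy table removes it at once to match the rule as stated in the quoted text.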